To: Ken Salaets who wrote (2329) 7/31/1998 5:55:00 PM From: John Mansfield
Y2K Triage: A Concept whose Time has Come

By Howard Belasco

The hour is late, the river is rising and we are running out of sandbags. Now what? It's triage time.

What is triage? It is another way to say "Prioritize." It is imperative that you understand which of your various systems and interfaces are absolutely vital to the survival of your business, mission-critical, and which are not.

Triage is a battlefield term and comes from the French meaning "to sort". The goal of triage is to make the critical decisions necessary to improve overall patient outcome by quickly identifying and then prioritizing care for victims of a catastrophe in situations where there are small resources and a great number of victims. It determines the likelihood that immediate medical intervention will lead to the patient's survival.

Similarly, in our Year 2000 context, it means the exercise during which an organization makes critical decisions about the inclusion of specific systems in a Year 2000 project and whether it needs to repair, replace or retire each of those systems. These decisions are based on reviews of the technical and business risks associated with each automated system.

During the triage period the medical team usually divides the group into 3 sections, and I will add a fourth.

1. Those who can survive but only if treatment is immediately initiated in the field - patients with the highest potential for survival but in need of emergency medical attention are treated first. (Condition red)

2. Those who will survive but can wait until transfer to a hospital - patients with high potential for survival but not in need of immediate medical attention. (Condition yellow)

3. Those who might survive but in order to survive require extraordinary uses of resources. These victims are left in the field. (Condition black)

4. Those that are dead or close to dying - another way of saying it is that victims with catastrophic injuries or no vital signs are passed over. (Condition black)

In business, Year 2000 triage falls this way:

1. Critical to the operations of the business or critical to the uninterrupted operation of the business. For private enterprise, any system which, if it fails (whether briefly or for an extended time) will result in the company effectively going out of business (such as payroll, sales and inventory data). (Condition red) - critical for survival, and that survival is likely ONLY if treatment (solution to the Y2K Problem) is initiated immediately with continuing follow-up by appropriate people with appropriate software and hardware solutions.

2. Required to support the business. The loss of these systems would seriously jeopardize or compromise the ability of the company to continue to function, yet would not stop the operations of the business (such as help desk, management and financial reports). (Condition yellow) - Significant problem but not in need of absolute immediate attention, treatment can wait until red group taken care of but treatment can not be postponed for long.

3. Required to support the business; however, the importance and timetable for the activity is lower than an item above (such as regular scheduled reports). (Condition black) - walking wounded, need to be taken care of but time is not of the essence. It would also include those functions that are going to end anyway and therefore need no attention and can be left to fade away into the sunset.

4. Functions that are dead or dying and no amount of attention will bring them back, such as outdated methods or old, supplanted software or hardware systems. (Condition black)

Triage personnel really need to be good at "tough love." They must be ruthless and over-diagnose rather than under-diagnose and continue to revisit triage decisions throughout the term of the project.

Much has been discussed about triage and the need for it but how do we really do this? For this answer I am indebted to someone but I don't know who. I found this spreadsheet on the Internet a while ago and if someone recognizes it please let me know so I can give attribution.

Trying to decide what is mission critical for you is such a subjective decision that you usually can not make it alone. I had one CIO insist that over 500 of his 700 identified systems were condition red. I have used the following to assign risk factors to systems.

First, of course, you need to draw up a complete inventory of all your systems, software and hardware. Then you need to list all the ways in which your systems link up with outside bodies, and how you exchange information and data. Now you need to assemble the managers or department heads or those people that are responsible for the systems listed on your inventory.

Assign each item a number. I have seen lists over 2000 so don't be taken aback by the large number you might have. List these items, one after the other in column A and B of any spreadsheet or on a piece of paper. Now, in columns C through R of the spreadsheet (or the paper) put these statements:

Criticality to the organization's mission
Criticality and sensitivity to well-being, safety, or interest of general public, client, and customers
Criticality and sensitivity of data and information for: competitive advantage, customer confidence, ensuring privacy, confidentiality, or security
Fraud potential
Ability to produce audit trails
Degree of dependence on system
Criticality of external interfaces with other systems or organizations
Size of user area affected
Level of process or functional complexity
Newness of process or function to users
Functional requirements changes (frequency, magnitude, number)
Availability and adequacy of backup and recovery procedures
Technical complexity
Margin for error (i.e., is there reasonable time to make adjustments and corrections before the process is completed)
Completeness, currency and accuracy of documentation
Will you lose revenue or market share if the system stops working

In row S put Total score for process/function.

VERY IMPORTANT - This is NOT a group exercise. It must be done independently by each person without consultation with any other member of the group. Use the scoring below to determine your triage.

Scoring legend: High Risk = 5, Moderate Risk = 3, Low Risk = 1, No Risk = 0

If the total risk for a process or function is between 60 and 75, it is high risk. (Condition red)
If the score is between 30 and 60, it is moderate risk. (Condition yellow)
If between 0 and 30, it is low risk. (Condition black)

Once you have determined what lives and what dies, remember that you must be ruthless and LET IT DIE. The life of your company depends on it. The hour is late, the river is rising and we are running out of sandbags.

y2ktimebomb.com
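An added example, not part of the original post or the article: the scoring sheet above applied to independently completed rater sheets. The function names, the sample systems and ratings, and the "disputed" flag are constructed for illustration. Two rules are assumptions the article leaves open: a total of exactly 60 or 30 goes to the higher band, and totals above 75 (sixteen statements at 5 points can reach 80) count as red.

```python
# Added illustration; names, sample data and boundary rules are assumptions.
LEGEND = {"high": 5, "moderate": 3, "low": 1, "none": 0}  # the article's scoring legend
N_CRITERIA = 16                                            # statements in columns C through R


def total_score(ratings):
    """Sum one rater's ratings for one system (the 'Total score' cell)."""
    if len(ratings) != N_CRITERIA:
        raise ValueError(f"expected {N_CRITERIA} ratings, got {len(ratings)}")
    unknown = [r for r in ratings if r not in LEGEND]
    if unknown:
        raise ValueError(f"ratings outside the legend: {unknown}")
    return sum(LEGEND[r] for r in ratings)


def condition(total):
    """Map a total to a triage condition using the article's bands."""
    # Assumption: the shared boundaries 60 and 30 fall in the higher band,
    # and totals of 76-80 (above the stated 60-75 range) are treated as red.
    if total >= 60:
        return "red"
    if total >= 30:
        return "yellow"
    return "black"


def triage(sheets):
    """sheets: {rater: {system: [16 ratings]}}, each sheet filled in alone.
    Returns per-system totals and conditions by rater, plus a 'disputed'
    flag (an added convention) when raters land in different bands."""
    result = {}
    for rater, systems in sheets.items():
        for system, ratings in systems.items():
            entry = result.setdefault(system, {"totals": {}, "conditions": {}})
            entry["totals"][rater] = total_score(ratings)
            entry["conditions"][rater] = condition(entry["totals"][rater])
    for entry in result.values():
        entry["disputed"] = len(set(entry["conditions"].values())) > 1
    return result


# Constructed sample: two raters scoring two systems independently.
SHEETS = {
    "rater_a": {"payroll": ["high"] * 12 + ["moderate"] * 4,
                "weekly_report": ["moderate"] * 10 + ["low"] * 6},
    "rater_b": {"payroll": ["high"] * 8 + ["moderate"] * 6 + ["low"] * 2,
                "weekly_report": ["low"] * 16},
}

if __name__ == "__main__":
    for system, entry in triage(SHEETS).items():
        print(system, entry)
```

Systems flagged as disputed are the ones where the independent scores place the same system in different conditions.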